ConXsense – Context Sensing for Adaptive Usable Access Control

[Report]
, (2013)

Abstract

In this paper, we present the design and implementation of ConXsense, a framework utilizing context sensing for easy-to-use and adaptive context-aware access control for mobile devices. Previous work often require either users to laboriously specify detailed policies or they rely on pre-specified, non-personalized and error-prone policies for generic context classes. Recent approaches attempt to address these deficiencies by learning from context data. Our approach improves on this by using context data to automatically estimate the sensitivity and safety of the user’s context and using the estimates for dynamically enforcing access control rules in a highly personalized, nonintrusive and usable manner. Our initial implementation of the framework addresses two smartphone-related problem scenarios for context-aware access control: 1) how to prevent unauthorized apps (like sensory malware) from gathering information about the context of a mobile device (contextual privacy) and 2) how to protect the data and applications on the device from physical threats in the context (like thieves or device misuse by others). We start with a sociological user study, and use its results to inform the design and implementation of ConXsense. We carry out a data collection and analysis study based on which we evaluate the effectiveness and accuracy of ConXsense. Moreover, we integrate ConXsense with a fine-grained access control architecture and show how it can effectively protect against sensory malware as well as device theft and misuse.

In this paper, we present the design and implementation of ConXsense, a framework utilizing context sensing for easy-to-use and adaptive context-aware access control for mobile devices. Previous work often require either users to laboriously specify detailed policies or they rely on pre-specified, non-personalized and error-prone policies for generic context classes. Recent approaches attempt to address these deficiencies by learning from context data. Our approach improves on this by using context data to automatically estimate the sensitivity and safety of the user’s context and using the estimates for dynamically enforcing access control rules in a highly personalized, nonintrusive and usable manner. Our initial implementation of the framework addresses two smartphone-related problem scenarios for context-aware access control: 1) how to prevent unauthorized apps (like sensory malware) from gathering information about the context of a mobile device (contextual privacy) and 2) how to protect the data and applications on the device from physical threats in the context (like thieves or device misuse by others). We start with a sociological user study, and use its results to inform the design and implementation of ConXsense. We carry out a data collection and analysis study based on which we evaluate the effectiveness and accuracy of ConXsense. Moreover, we integrate ConXsense with a fine-grained access control architecture and show how it can effectively protect against sensory malware as well as device theft and misuse.